Other Services

Staying strong in the evolving threat landscape

In an age of ever-increasing technological complexity amid an evolving security threat landscape, it’s almost inevitable that more and more household names become the victims of cybercrime.

As organisations’ technology stacks grow in scale and complexity, so too does the potential security holes and weak points in their defences. And, with an army of sophisticated, highly skilled cybercriminals waiting to pounce at the smallest opportunity, the situation is rapidly becoming more critical.

Here we take a look inside a couple of the more high-profile global cyber-attacks, the damage they caused, and how businesses can ensure they’re always prepared for the unexpected.

WannaCry makes businesses wanna cryIn May 2017, ransomware cryptoworm WannaCry targeted computers using Microsoft Windows by encrypting data and demanding ransom payments in Bitcoin. Businesses that hadn’t updayed Microsoft’s security updated the previous month were affected, and within one day it is reported to have infected more than 230,000 computers across 150 countries.

WannaCry represented the first confluence of a single ‘worm-malware-ransomware’ exploit which, in theory, created a more efficient business model that is typically the case with ransomware attacks. It was a technical success in that the attackers’ clever use of code wreaked havoc, yet the demand for payment in Bitcoin displayed poor business acumen for turning ransoms into profit.

While the attack didn’t deliver its authors desired cash benefits, the effects have been monumental. Experts, such as Edward Snowden, have claimed the US intelligence services, specifically, the NSA, could have done more to prevent the attack. While closer to home, commentators have claimed the Government’s underfunding of the NHS exacerbated WannaCry’s impact on its computers, and Health Secretary Jeremy Hunt being accused of refusing to act on advice from Microsoft, the National Cyber Security Centre and the National Crime Agency two months before the attack.

Petya reaps perilA month later, a series of similarly powerful cyber-attacks wreaked havoc on businesses, predominantly on Ukrainian organisations with further reports of infections in Germany, France, Italy, the UK, US and Australia. The attack hit more than 80 Ukrainian businesses, including the National Band of Ukraine, and was alleged to be a politically-motivated attack on the country.

A variant of the Petya ransomware chain, the attack is believed to have originated from an update of MeDoc, a tax accounting package used by around 90% of Ukraine businesses and installed onto an estimated 1 million computers. The update was pushed through the server, only it had been compromised to download and run malware that used the EternalBlue exploit discovered in old versions of Windows. That forced the computer to restart then popped up a message telling the user their files are encrypted and demanding they send $300 in Bitcoin to receive instructions to decrypt their computer.

The attack affected a series of Ukrainian banks, transport systems, the Boryspil International Airport, and state departments, as well as taking the radiation monitoring systems at the Chernobyl nuclear power plant offline. Damage caused by the attack is estimated at more than $10 billion, with eye-watering costs suffered by individual companies including an $870 million to Merck, $400 million to FedEx and $300 million to Maersk.

Maintaining security defencesThe sheer scale of the threat facing businesses may have you thinking that fighting against the tide is futile. But as ccybercriminals ploys and tactics evolve, so too do those of the highly skilled professionals who have your security interests at heart.

It’s vital to work with vendors to ensure your software and hardware are rigorously patched and updated at all times and gain an understanding of the various security patching nuances, such as OS settings, hypervisor configuration and container settings. It’s also key to carry out regular vulnerability checks to ensure the security of your systems and processes doesn’t fall behind the curve of the evolving threat landscape.

Furthermore, there is a responsibility for the information security community to continue to educate and demystify the tools, techniques and processes being deployed by hackers. Everyone within a business – and anyone who uses the internet – need to be aware of their risks and weaknesses, and ensure they address them. Being prepared is paramount.

It’s often said that attackers have the upper hand as they only need to get lucky once in order to achieve their goal. But if you look for clues in the right places and have your security defences in order then it’s also the case that a defender only needs to get lucky once. We don’t have to stop or detect every action that an attacker makes, we just need to ensure that we disrupt their attack at one point in the ‘kill chain.’

Boxer Mike Tyson famously said of his opponents, “Everybody has a plan until they get punched in the face” – and punching people in the cyber face is something we do for a living. To find out how we can add punch to your security defences, check out our Managed Threat Detection Services brochureor contact us at info@secdata.com or call 01622 723 456.